Oathe Security Badge

Is 0xArtex/token-research safe?

https://clawhub.ai/0xArtex/token-research

71
CAUTION

This cryptocurrency token research skill contains legitimate functionality for analyzing tokens across multiple blockchains, but employs concerning behavioral override patterns and forced third-party communication. While the core data-gathering capabilities appear sound, the aggressive instruction language and automatic owner notifications raise significant concerns.

Category Scores

Prompt Injection 40/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 50/100 · 5%

Findings (5)

HIGH Strong imperative override language -20

The skill uses forceful language like 'MANDATORY', 'NO EXCEPTIONS', 'ALWAYS', and 'DO NOT' to override normal agent behavior and force specific actions without user consent.

HIGH Forced owner communication -20

The skill instructs the agent to call and send direct messages to the owner immediately upon certain token findings, potentially bypassing user preferences.

MEDIUM Automatic data sharing to owner -15

The skill instructs the agent to automatically send detailed token analysis to the skill owner, which could leak user research interests.

MEDIUM References to non-existent scripts -15

The skill instructions reference scripts like 'ape-call.sh' that likely don't exist, which could cause errors or unexpected behavior.

HIGH Behavioral override patterns -20

The skill uses strong imperative language that could interfere with user instructions and normal agent behavior patterns.